Cyber Incident Victim: Machatt Co., Ltd.
Date: Apr 2022
Location: Japan
Summary
Machatt Co., Ltd. experienced a data breach involving unauthorized third-party access to its online store, potentially compromising personal information of up to 16,093 customers. The data confirmed as exposed included cardholder names, credit card numbers, expiration dates, and security codes, while unauthorized access to other personal information in the database remained unverified. Following the incident, the company strengthened system security and monitoring and reported the breach to the relevant authorities, including the Personal Information Protection Commission and local police.
Description
Machatt Co., Ltd. identified unauthorized third-party access to its online store systems, potentially compromising the personal information of 16,093 customers. The breach involved sensitive credit card details, including cardholder names, credit card numbers, expiration dates, and security codes. While the company confirmed the exposure of payment card data, it could not verify whether attackers accessed additional personal information stored in the same database. Machatt detected the intrusion prior to April 21, 2022, when it filed an initial report with local law enforcement. The incident prompted formal notification to Japan's Personal Information Protection Commission on April 27, 2022, indicating regulatory compliance efforts within six days of police reporting.

Public disclosure occurred nearly a month after regulatory notifications, with Machatt issuing an official breach notice on May 18, 2022. The company acknowledged system security deficiencies that permitted unauthorized database access but did not specify the intrusion methods or duration of undetected access. Response measures focused on infrastructure hardening based on internal investigation findings, with commitments to enhance monitoring capabilities and security protocols to prevent recurrence. No evidence suggested misuse of exposed financial data at the time of disclosure. The breach exclusively impacted customers of Machatt's online retail platform, though the company did not disclose whether affected individuals received direct notifications beyond the public announcement. Machatt's statement emphasized containment through post-incident security upgrades while maintaining operational continuity for its e-commerce services.
